Google typo can be costly / 'Googkle.com' used to hit users with Trojan horse attacks

Matt Hines, Cnet News.com

Published 4:00 am, Monday, May 2, 2005

Security researchers have discovered an attack aimed at would-be visitors to Google.com, one that attempts to download malicious programs onto the computers of people who mistype the search giant's Web address.

According to security specialist F-Secure, unsuspecting Web surfers may be bombarded with various types of Trojan horse threats, spyware and backdoors when they go to googkle.com. The scheme is meant to take advantage of sloppy or hurried typists, given that on most keyboards the letter "k" key sits next to the "l" needed to type "Google."

Google representatives said the company has no comment on the matter for the time being.

Millennial Habits May Soon Bring An End to Passwords New Study ShowsBuzz 60

Google Brings Wheelchair Routes to MapsWibbitz

In the past, the company appears to have made moves to protect its users against mistyping errors. Those who put an extra "o" in Google's URL are redirected to the company's home page. On the other hand, those who mistakenly add a fourth "o" to Google are directed to USseek.com, a Web portal that offers pop-up advertising for an online casino.

In an advisory, F-Secure strongly advises people not to go to Googkle.com. People who do so will see two pop-ups linked to Web sites that install the Trojan programs. One of the programs is a phishing-style Trojan that attempts to garner individuals' online banking information, while another drops phony antivirus alerts on the victim's desktop that attempt to lure people to other infected Web sites.

While relatively low tech in terms of its social engineering, the URL typo attack is an approach that has long been incorporated by many Internet opportunists, from legitimate companies trying to steal traffic from their rivals or simply piggyback on the success of larger companies, to criminals looking to misrepresent themselves and trick consumers into handing over personal data.

In one of the most famous instances of URL deception, the site hosted at whitehouse.com for several years was an advertisement for pornography, not a link to the office of the president, whose official site can be found at whitehouse.gov.